SEARCH RESULTS
 
Showing 1-10 of 15 records
 
Expand article

Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption

2008-06-09 00:36:29 by Editor in Irongeek's Security Site
 
New Video: Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption Ive recently become interested in measures that modern CPUs can take to prevent various types of memory corruption attacks. One such feature is the NX bit (as AMD calls it, XD is Intels term), which allows for...
 
Tags: dep, data execution prevention, memory corruption, windows, configure dep protection, configure, memory corruption attacks, vista, buffer overflows
 
 
 
 
Expand article

Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption

2008-06-09 00:36:29 by Editor in Irongeek's Security Site
 
New Video: Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption Iâve recently become interested in measures that modern CPUs can take to prevent various types of memory corruption attacks. One such feature is the NX bit (as AMD calls it, XD is Intelâs term), which allows...
 
Tags: dep, data execution prevention, memory corruption, windows, configure dep protection, configure, memory corruption attacks, vista, buffer overflows
 
 
 
 
Expand article

SDL and the XSS Filter

2008-08-27 15:35:00 by sdl in The Security Development Lifecycle
 
Steve Lipner here. When the Internet Explorer team posted the announcement about the XSS Filter feature in IE8 I asked some other members of the SDL blog team why arent we talking about the new XSS Filter feature on the SDL blog? Bryan and Jeremy said something like thats a mitigation that only applies to specific clients and a subset of...
 
Tags: xss, xss filter, xss vulnerabilities, xss led, anti-xss library, xss attack, xss attacks, attacks, xss filter remembers
 
 
 
 
Expand article

More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
Hi folks, Eric Bidstrup here We interrupt our regular schedule of blog postings to offer this special post for Super Tuesday given the subject matter. Hope you enjoy This year is a presidential election year in the United States. Selecting a new president is perhaps the ultimate example of the importance of having a trustworthy election process....
 
Tags: machine security concerns, security concerns, election systems, election, security, security researchers, election systems margin, margin, election management system
 
 
 
 
Expand article

Corrupted Heap Termination Redux

2008-06-07 04:00:00 by sdl in The Security Development Lifecycle
 
Hi, Michael here In a previous post I explained how to use HeapSetInformation correctly. In short there's an option when calling this function that will terminate your application if the heap manager detects some form of heap corruption, or the potential to cause heap corruption I would recommend you read the previous post before continuing You...
 
Tags: heap, free block list, block, handle, bogus heap handle, invalid, invalid heap, custom heap, block header
 
 
 
 
Expand article

Serializable XmlDocument

The Article has images
2008-08-19 02:58:00 by keith-brown in Security Briefs
It's surprising that XmlDocument isn't marked [Serializable], because it's very natural to serialize one into a stream. I wanted to put an object into ASP.NET ViewState the other day, and quickly ran into this roadblock, because part of the object included an XmlDocument, which is not serializable. A quick search revealed that most people deal...
 
Tags: public class item, public, public void getobjectdata, public static byte, xmldocument, return doc, return, static byte, public class
 
 
 
 
Expand article

On virtualisation

2007-05-29 16:20:00 by Niels Provos in Google Online Security Blog
 
Posted by Tavis Ormandy, Security Team Following Panayiotis' and Niels' post on malware, I'd like to discuss a somewhat related topic, virtualisation. Virtual machines are often used by security researchers to sandbox malware samples for analysis, or to protect a machine from a potentially hazardous activity. The theory is that any security...
 
Tags: machine, virtual machine process, virtual machine software, host machine, host, software, virtual machine, low, low level access
 
 
 
 
Expand article

"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
Hey everyone, Jeremy Dallman here One of the phrases I often hear during vision and strategy planning meetings at Microsoft is "What is the crawl, walk, run?" We use this phrase to differentiate the initial activities that will get us quickly moving toward our larger goals and then supplement them with other activities that may require longer...
 
Tags: sdl, security, perform security analysis, application security, application, applications security, security issues, issues, non-microsoft sdl engagements
 
 
 
 
Expand article

The Checklist

2008-02-07 20:14:00 by Security Retentive in Security Retentive
 
Brian Chess wrote about a great article in the New Yorker - " The Checklist ." The article is a fantastic read and I highly recommend it, even if you're not interested in medicine. It is well written and quite engaging about how doctors handle a ridiculously complex topic - intensive care Like Brian, I was struck by how closely the article can...
 
Tags: secure, develop secure software, software, software development organizations, health, health care delivery, security, checklist, software development world